March 2008
Report No. AUD-08-008

FDIC’s Contract Oversight Management of the Infrastructure Services Contract

AUDIT REPORT

Material has been redacted from this report to protect sensitive, confidential or privileged information.

Federal Deposit Insurance Corporation
3501 Fairfax Drive, Arlington, VA 22226
Office of Audits
Office of Inspector General

DATE:            March 27, 2008

MEMORANDUM TO:   Michael E. Bartell, Chief Information Officer and Director, Division of Information Technology
                 Arleas Upton Kea, Director, Division of Administration

FROM:            Russell A. Rau
                 Assistant Inspector General for Audits

SUBJECT:         FDIC's Contract Oversight Management of the Infrastructure Services Contract (Report No. AUD-08-008)

The subject final report is provided for your information and use. Please refer to the Executive Summary, included in the report, for the overall audit results. Our evaluation of your response is incorporated into the body of the report. Your comments on a draft of this report were responsive to the recommendations. Sufficient action has been taken to close recommendation 6. The remaining recommendations will remain open for reporting purposes until we have determined that agreed-to corrective actions have been completed and are responsive.

This report contains information that may be proprietary.
Accordingly, we request that you safeguard this report to the fullest extent possible and make no disclosures of this report, or information therefrom, outside the FDIC without prior permission of the Inspector General. We will redact proprietary information prior to releasing the final report publicly.

If you have questions concerning the report, please contact me at (703) 562-6350 or Mark F. Mulholland, Director, Corporate Management and Security Audits, at (703) 562-6316. We appreciate the courtesies extended to the audit staff.

Attachment
cc:    Rack D. Campbell, DIT
       James H. Angel, Jr., OERM
       Daniel H. Bendler, DOA

Contents

BACKGROUND
AUDIT OBJECTIVES AND APPROACH
OVERALL RESULTS
ROLES AND RESPONSIBILITIES
PROCUREMENT MANAGEMENT
ACQUISITION POLICIES
AWARD FEE DETERMINATIONS
CONTRACTOR INTEGRITY AND FITNESS
RECOMMENDATIONS
CORPORATION COMMENTS AND OIG EVALUATION

APPENDICES
   1. OBJECTIVES, SCOPE, AND METHODOLOGY
   2. CORPORATION COMMENTS
   3. MANAGEMENT RESPONSE TO RECOMMENDATIONS

TABLE
   ISC Facts at a Glance

FIGURES
   1. Annual Corporate IT Expenditures
   2. Ceiling Amounts for Key Components of the ISC
   3. FDIC Assessments of SRA’s Performance
   4. ISC Governance Structure

Background

In June 2004, the FDIC’s Board of Directors approved expenditure authority totaling $357 million to procure information technology (IT) infrastructure services through the General Services Administration’s (GSA) Federal Systems Integration and Management (FEDSIM) Center.

In September 2004, FEDSIM awarded a task order (the Infrastructure Services Contract—ISC) to Systems Research Applications International, Inc. (SRA), under the Millennia Government-wide Acquisition Contract program.

ISC Facts at a Glance

   Contract Type            Cost Plus Award Fee (Performance-based)
   Ceiling Price            $341,766,035
   Term                     5 years (1 base year, plus four 1-year option periods)
   Period of Performance    September 21, 2004 – September 20, 2009
   Sponsoring Division      Division of Information Technology (DIT)
   Prime Contractor         SRA
   Key Subcontractors       [Material Redacted]
   Contractor Staff         Approximately 205

Source: Office of Inspector General (OIG) analysis of ISC documentation.

This Report Contains Confidential Information
For Official Use Only                    Restricted Distribution

IT infrastructure services procured through the ISC include (among other things):

    •   Mainframe Data Center Operations
    •   Local Area Network Management
    •   Hardware and Software Procurements
    •   Help Desk Operations
    •   Telecommunications Support
    •   Equipment and Software Maintenance
    •   Disaster Recovery Operations
    •   Security Operations
    •   Wireless Communications
    •   Desktop and Server Engineering
    •   IT Asset Management

[Photo: FDIC’s mainframe computer at the Virginia Square Data Center.]
[Photo: Servers on the Local Area Network at the Virginia Square Data Center.]

The portion of DIT’s expenditures pertaining to the ISC increased during the initial years of the contract. This occurred as SRA assumed increasing responsibility for the FDIC’s IT infrastructure. As a result of the ISC, DIT was able to eliminate 36 individual IT infrastructure contracts.

Figure 1. Annual Corporate IT Expenditures
[Chart: Expenditures (axis from 0 to 250,000,000) by Year (2004 to 2007), showing IT Investment Expenditures* and DIT Expenditures**; the ISC portion is labeled on the chart.]

Source: OIG analysis of financial information provided by DIT and the Division of Finance. DIT expenditures include a nominal amount of expenses funded by other FDIC divisions and offices.
*    IT Investment Expenditures are for corporate IT investment projects approved by the FDIC’s Board of Directors as part of the Corporate Investment Budget.
**   DIT Expenditures are for DIT’s operating budget.

According to financial information provided by DIT, the FDIC had expended $191,401,707 of the ISC’s $341,766,035 ceiling amount as of December 31, 2007.

Figure 2. Ceiling Amounts for Key Components of the ISC (Total Ceiling: $341,766,035)

   Labor                            $133,799,133
   Hardware/Software Maintenance    $89,873,737
   Technical Refresh                $63,194,557
   Tools                            $47,100,000
   Other                            $7,798,608

Source: OIG analysis of ISC documentation. Component figures reflect proposed contract ceiling amounts as of October 2007.

The FDIC’s assessments of SRA’s performance under the ISC have been favorable.
As of October 2007, the FDIC had awarded [Material Redacted] fees available at that date under the ISC.

[Material Redacted]
Source: OIG analysis of ISC award fee evaluation reports.

Figure 4. ISC Governance Structure
[Organization chart. Elements shown:
   Award Fee Evaluation Board
   FEDSIM
   SRA
   Connection labels: Millennia Contract / ISC; Interagency Agreement; IT Services; Reporting
   Federal Deposit Insurance Corporation
      ISC Oversight Committee
      ISC Program Management: Program Manager; Subject Matter Experts
      Division of Administration: Acquisition Services Branch
      DIT Procurement Management Board
      Operations: Technical Monitor; Subject Matter Experts
      Security: Technical Monitor; Subject Matter Experts
      Engineering: Technical Monitor; Subject Matter Experts
      Asset Mgt & Procurement: Technical Monitor; Subject Matter Experts]

Audit Objectives and Approach

• The objectives of the audit were to assess:
   – the FDIC's contract oversight management of SRA and its subcontractors, including subcontractor selection and performance, and
   – support for payments made by the FDIC for IT goods and services provided by SRA and its subcontractors.

• To accomplish our objectives, we:
   – interviewed officials from FDIC, SRA, and the GSA’s FEDSIM Center;
   – analyzed relevant reports, documents, and policies and procedures; and
   – observed key meetings related to the ISC.

• We engaged the Defense Contract Audit Agency (DCAA) to audit selected invoices submitted by SRA and two of its subcontractors ([Material Redacted]).

• Key criteria used in the audit included relevant regulations, FDIC policies and procedures, the ISC (and its deliverable products), and government and industry-recommended practices.

• We performed our audit work from October through December 2007 in accordance with generally accepted government auditing standards.

• Details on our objectives, scope, and methodology are in Appendix 1.

Overall Results

• The FDIC implemented a framework of controls designed to ensure effective contract oversight management of SRA and its subcontractors. However, the FDIC can strengthen its oversight management of SRA in some control areas.

• DCAA found that, except for a minor amount of labor and applied indirect costs that did not meet the labor qualifications of the contract, costs for IT goods and services invoiced under the ISC were allowable, allocable, and reasonable. The minor questioned costs have been forwarded to DIT for appropriate action through GSA.

• The FDIC has implemented several contract oversight management controls that are based on government and industry-recommended practices.
  Such controls include:
   – A Program Manager, Technical Monitors, and Subject Matter Experts who monitor work and assess performance
   – A comprehensive award fee determination process that evaluates contractor and subcontractor performance
   – A DIT Procurement Management Board that reviews budgets and procurement actions for items procured through the ISC
   – Regularly scheduled reports and meetings with SRA
   – A formal process that assesses risks associated with contract service providers, such as SRA

• SRA selected subcontractors consistent with the Federal Acquisition Regulation and the terms and conditions of the ISC.

• The FDIC can strengthen its contract oversight management of SRA in the following control areas:
   – ISC Oversight Roles and Responsibilities
   – Acquisition Policies
   – Award Fee Determination Process
   – Contractor and Subcontractor Integrity and Fitness
   – Review of Contractor and Subcontractor Invoices

• Management attention to these areas will strengthen ISC governance and promote transparency and communication (throughout the ISC program).

• Notably, corrective action is ongoing in a number of areas.

Roles and Responsibilities

ISC Oversight Roles and Responsibilities

• DIT documented the ISC Oversight Committee’s general duties and responsibilities in memoranda to FEDSIM officials. However, a formal charter had not been developed that described, among other things, the committee’s purpose, reporting responsibilities, and meetings schedule.

• Minutes for committee meetings had not been prepared.

• The committee’s membership consisted of the Chief Information Officer (CIO), the Deputy CIO for Infrastructure, and a Division of Administration (DOA) Associate Director. DIT could benefit by expanding the committee’s membership to obtain greater user representation.

• Subsequent to our field work, and based on the preliminary results of our audit, the FDIC formally adopted an ISC Oversight Committee Charter and expanded the membership of the committee during a January 29, 2008 meeting of the CIO Council. The ISC Oversight Committee charter requires, among other things, the appointment of a Secretariat who is responsible for scheduling meetings and recording minutes. Because these actions address our concerns, we are making no recommendation in this area.

Significant ISC responsibilities are vested in the ISC Program Manager position, including:

• Managing and overseeing the ISC program, including strategic planning, coordination of ISC oversight team members, financial and budget administration, and liaison with FEDSIM, SRA, and DIT management
• Chairing the Award Fee Evaluation Board
• Directly supervising the ISC Technical Monitor for IT Asset Management and Procurement and several Subject Matter Experts
• Serving in back-up or acting capacities for the Deputy CIO for Infrastructure, Technical Monitors, and Subject Matter Experts on an as-needed basis

DIT contemplated segregating some of these duties between two ISC positions when the ISC program was established. DIT could enhance internal control by segregating these duties, where appropriate, when it completes ongoing efforts to hire an Infrastructure Project Manager and Service Delivery Manager in the Infrastructure Services Branch.

DIT documented duties and responsibilities for the ISC Technical Monitors and Subject Matter Experts in memoranda to FEDSIM officials. However, these duties and responsibilities do not reflect current practices in some areas. In addition, DIT could promote transparency and communication among its ISC program staff, SRA personnel, and SRA subcontractor personnel by incorporating Technical Monitor and Subject Matter Expert duties and responsibilities into a formal DIT policy.
Manager                                         Board\n                                                         Matter Experts\n                                                    Subject Matter Experts\n\n\n\n\n         Operations\n          Operations                     Security\n                                          Security                     Engineering\n                                                                        Engineering            Asset\n                                                                                                AssetMgt\n                                                                                                     Mgt&&Procurement\n                                                                                                             Procurement\n      Technical\n       TechnicalMonitor\n                Monitor              Technical\n                                      TechnicalMonitor\n                                               Monitor               Technical\n                                                                      TechnicalMonitor\n                                                                               Monitor             Technical\n                                                                                                    TechnicalMonitor\n                                                                                                              Monitor\n    Subject\n     SubjectMatter\n            MatterExperts          Subject\n                                    SubjectMatter\n                                           MatterExperts          Subject\n                   Experts                        Experts          SubjectMatter\n                                                                          MatterExperts\n                                                                                 Experts         Subject\n                                          

Procurement Management

DIT Procurement Management Board

The DIT Procurement Management Board is an excellent control for reviewing IT
procurement actions under the ISC.

Acquisition Policies

The FDIC’s Acquisition Policy Manual (APM) does not
address performance-based acquisitions. DOA needs to give
priority attention to completing planned revisions to the APM
that will address, among other things, performance-based
acquisitions.

Several Technical Monitors and Subject Matter Experts
expressed interest in obtaining additional performance-based
contract management training to help them more effectively
carry out their ISC duties. Because the FDIC has a number of
performance-based contracts, DOA should work with the
Corporate University to address this need.

Although not required to do so, DOA conducts periodic on-site
inspections of SRA’s procurement files to review SRA’s
procurement practices. Such oversight is commendable. The
FDIC would benefit by formally documenting this internal
control to ensure the inspections continue and meet
management’s expectations.

FEDSIM has contracting authority over the ISC. Accordingly,
DOA does not approve procurement actions processed through
the ISC. The FDIC would benefit by clarifying DOA’s role in
connection with ISC procurement actions.

Award Fee Determinations

Award Fee Determination Process

The Award Fee Determination Plan needs to be updated in some key areas,
including a clarification of criteria used to assess SRA’s performance under
the ISC. In addition, DIT would benefit by appointing a Secretariat to
maintain the Award Fee Determination Plan and related documentation.

DIT, in coordination with FEDSIM, established and periodically revised
Service Level Agreements (SLA)* to assess SRA’s performance on the ISC
and support award fee evaluations. Such actions are positive. However,
according to some Technical Monitors and Subject Matter Experts, additional
revisions to certain SLAs were needed to achieve more optimal contractor
performance outcomes.

ISC Technical Monitors report regularly to the Award Fee Evaluation Board
regarding the performance of SRA and its subcontractors. However, each
Technical Monitor votes on award fee evaluations on a rotational basis (or
once every 2 years). DIT can create a stronger link between technical
assessments of SRA’s performance and award fee decisions by having each
Technical Monitor vote on each award fee evaluation.

* An SLA is a written contract between a provider of a service and the customer of that
service to establish measurable targets of performance with the objective of achieving a
common understanding of the level of service required.
                                     Experts        Subject\n                                                                                                SubjectMatter\n                                                                                                       MatterExperts\n                                                                                                              Experts\n\n\n                                    This Report Contains Confidential Information\n           For Official Use Only                            17                  Restricted Distribution\n\x0c              Contractor Integrity and Fitness\nContractor Integrity and Fitness\nWe sampled six subcontractors engaged by SRA to provide services under\nthe ISC and found that one had not completed Integrity and Fitness\n Award\n  AwardFee\n        FeeEvaluation\n            Evaluation\nRepresentations    and Certifications required    by 12 Code of Federal\n                                           FEDSIM\n                                            FEDSIM                   Millennia Contract                   SRA\n                                                                                                           SRA\n        Board\nRegulations\n         BoardPart 366. DIT and SRA officials advised us that this particular\n                                                                            ISC\nsubcontractor did not complete the Integrity and Fitness Representations and\nCertifications because the subcontractor\n                                  Interagency is considered\n                                                  Agreement to be a \xe2\x80\x9cvendor,\xe2\x80\x9d and               IT Services   Reporting\nas such, its services are exempt from the requirements of Part 366. However,\nsuch an exemption does not exist under Part 366. 
Subsequent to our\nfieldwork, DIT obtained the Integrity\n                                  Federal andDeposit\n                                                Fitness Insurance\n                                                        Representations    and\n                                                                    Corporation\nCertifications for this subcontractor. Accordingly, we are not making a\nrecommendation in this area.                     ISC Oversight Committee\n                                                 ISC Oversight Committee\nThe FDIC generally completed background investigations, confidentiality\nagreements, and contractor pre-exit clearance procedures for the contractor\nand subcontractor employees that we sampled. However, we did note some\n                                             ISC\n                                              ISCProgram\nexceptions. DIT and DOA should place additional            Management\n                                                        emphasis\n                                                  Program          on ensuring that\n                                                            Management\n       DOA Acquisition\n        DOA Acquisition\nsuch procedures        Services Branch\n                        Services Branch\n                are consistently                  Program\n                                    followed. 
We Program  Manager\n                                                   are notManager\n                                                             making a       DIT\n                                                                             DITProcurement\n                                                                                 ProcurementManagement\n                                                                                            ManagementBoard\n                                                                                                       Board\nrecommendation, however, because OIG Evaluation Subject\n                                                 SubjectMatter\n                                                        MatterExperts\n                                                         Report   No.\n                                                               Experts EM-08-002,\nInformation Technology Procurement Integrity and Governance, includes a\nrecommendation to address our concerns.\n\nOversight of Contractor Invoices\n         Operations                     Security                    Engineering             Asset\n                                                                                             AssetMgt\n                                                                                                  Mgt&&Procurement\nThe FDICOperations\n            does not have a corporate Security                       Engineering\n                                          program for conducting periodic       audits                    Procurement\n      Technical\nof contractor    Monitor\n       Technicalinvoices            Technical\n                 Monitor to ensure that\n                                     TechnicalMonitor\n                                         billedMonitor            Technical\n                                                                   Technical\n                                       
costs are allowable, allocable, reasonable, and consistent with contractual terms and
conditions. The OIG is establishing a risk-based contract audit program to address this
issue; accordingly, we are making no recommendation in this area.

This Report Contains Confidential Information
For Official Use Only          18          Restricted Distribution

Recommendations

With regard to ISC oversight roles and responsibilities, we
recommend that the Director, DIT:

1. Segregate the duties of the ISC Program Manager position, where
   appropriate, when DIT completes ongoing efforts to hire an
   Infrastructure Project Manager and Service Delivery Manager in the
   Infrastructure Services Branch.

2. Update the FDIC’s memorandum to FEDSIM regarding Technical
   Monitor and Subject Matter Expert duties and responsibilities to
   reflect current practices, and incorporate these duties and
   responsibilities into a formal DIT policy.

With regard to the Award Fee Determination Process, we
recommend that the Director, DIT, in coordination with
FEDSIM:

3. Update the Award Fee Determination Plan to reflect current practices,
   including clarifying criteria used to assess SRA’s performance under
   the ISC and requiring Technical Monitors to vote on each award fee
   evaluation, and appoint a Secretariat to maintain the Award Fee
   Determination Plan and related documentation.

4. Coordinate with the Technical Monitors and Subject Matter Experts to
   determine whether certain SLAs need to be revised in order to achieve
   more optimal contractor performance outcomes.

With regard to acquisition policies, we recommend that the
Director, DOA:

5. Address performance-based acquisitions in the FDIC’s Acquisition
   Policy Manual.

6. Work with the Corporate University to develop performance-based
   contract management training.

7. Document DOA’s internal control of conducting periodic on-site
   inspections of procurement files to review contractor procurement
   practices.

8. Clarify DOA’s role in connection with ISC procurement actions.

Corporation Comments and OIG Evaluation

On March 19, 2008, the CIO and Director, DIT, and the
Director, DOA, provided a written response to a draft of this
report. The Corporation’s response is in Appendix 2.
Management concurred with our recommendations and
provided planned, ongoing, and completed corrective action. A
summary of management’s response to each recommendation
is in Appendix 3.

Sufficient action has been taken to close recommendation 6.
The remaining recommendations are resolved but will remain
open until we determine that the agreed-to corrective actions
have been completed and are responsive.

APPENDIX 1
OBJECTIVES, SCOPE, AND METHODOLOGY

Objectives and Scope

The objectives of the audit were to assess (1) the FDIC’s contract oversight management
of SRA and its subcontractors, including subcontractor selection and performance and
(2) support for payments made by the FDIC for IT goods and services provided by SRA
and its subcontractors. We conducted this performance audit from October through
December 2007 in accordance with generally accepted government auditing standards
(GAGAS). Those standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our findings and
conclusions based on our audit objectives.
We believe that the evidence obtained provides a reasonable basis for our findings and
conclusions based on our audit objectives.

The scope of our audit focused on assessing the FDIC’s management controls that were
designed to ensure effective contract oversight management of SRA and its
subcontractors. Our audit did not assess contract administration services provided by the
GSA. With respect to payments made by the FDIC for IT goods and services, we
engaged DCAA to perform appropriate audit procedures to determine whether such
payments were adequately supported consistent with the terms and conditions of the ISC
and the Millennia contract. DCAA conducted its work in accordance with GAGAS.

Methodology

To achieve our objectives, we:

•  Interviewed DIT and DOA representatives regarding their roles and
   responsibilities for the ISC and the controls the FDIC had in place to help ensure
   effective contract oversight management of SRA and its subcontractors. We also
   interviewed SRA management officials to obtain their perspective on the FDIC’s
   oversight management practices with respect to the ISC. Further, we met with
   contracting officials at GSA’s FEDSIM Center to obtain an understanding of their
   role in the ISC program.

•  Analyzed relevant reports and contract-specific documents, such as SRA status
   reports and award fee determination reports.

•  Observed key ISC-related meetings, including meetings of the DIT Procurement
   Management Board and the Award Fee Determination Board.

•  Selected a non-statistical sample* of 40 subcontractor employees to determine
   whether required background investigations, confidentiality agreements, and
   pre-exit clearance forms had been completed consistent with FDIC policy. We
   selected the sample from the same four invoices reviewed by DCAA. We
   included SRA and subcontractor employees that were in the FDIC Virginia
   Square location and various field offices.

•  Selected a non-statistical sample of six SRA subcontractors to determine whether
   integrity and fitness certifications had been completed as prescribed by FDIC
   policy. We selected the sample from the same four invoices reviewed by DCAA.

•  Considered FDIC and DIT-specific policies related to contract oversight
   management and IT procurement, including:

   o  The FDIC’s Acquisition Policy Manual, including the Letter of Oversight
      Manager Confirmation and Letter of Technical Monitor Confirmation.

   o  Circular 1610.2, Security Policy and Procedures for FDIC Contractors and
      Subcontractors, dated August 1, 2003.

   o  DIT Policy No. 05-002, Procuring IT Assets, dated May 25, 2005.

   o  DIT Internal Policy Memorandum, Receiving of IT Assets Policy, dated
      February 12, 2003.

   o  DIT Memorandum to GSA, Technical Monitor and Subject Matter Expert
      Designations, Duties, and Responsibilities, dated October 2, 2007.

•  Considered federal regulations, policies, and recommended practices pertaining to
   interagency and performance-based contracting. Such criteria included applicable
   sections of the Federal Acquisition Regulation (FAR), guidance published by the
   Office of Federal Procurement Policy, and reports issued by the Government
   Accountability Office.

•  Engaged DCAA to determine whether charges for IT goods and services contained
   in selected invoices submitted under the ISC were adequately supported consistent
   with the terms and conditions of the ISC and Millennia contract. Specifically,
   DCAA assessed whether charges for IT goods and services provided by SRA and
   two of its subcontractors were supported with adequate, original documentation
   consistent with the terms and conditions of the ISC and Millennia contract.
   DCAA’s audit procedures included, for example, examining timesheets to verify
   that the hours billed were actually worked and reviewing qualifications, experience,
   and education for a sample of contractor and subcontractor employees to ensure the
   employees satisfied the minimum requirements of the ISC and Millennia contract.

   The FDIC OIG selected the following four ISC invoices for DCAA’s detailed
   review.

   Invoice Number   Period of Performance   Amount
   600231193        December 1-31, 2006     $ 7,739,724.44
   600240511        January 1-31, 2007      $11,601,627.29
   600278697        May 1-31, 2007          $ 4,448,444.71
   600294828        June 1-30, 2007         $ 7,646,601.36

* The results of a non-statistical sample cannot be projected to the intended population by
  standard statistical methods.

Internal Control

We assessed key FDIC internal controls related to the oversight management of the ISC,
including:

•  Relevant FDIC and DIT policies, procedures, guidance, and training.

•  The roles and responsibilities of key ISC stakeholders, including the ISC
   Oversight Committee, Program Manager, Technical Monitors, and Subject Matter
   Experts.

•  The ISC governance structure.

•  The ISC award fee determination process.

In addition, DCAA performed appropriate tests of contractor internal controls for the
purpose of planning and conducting its audit work.

Reliance on Computer-processed Data. Our audit objective did not require that we
separately assess the reliability of computer-processed data to support our significant
findings, conclusions, and recommendations. Additionally, in performing this audit, we
did not consider it necessary to evaluate the effectiveness of information systems controls
in order to obtain sufficient, appropriate evidence.

Performance Measurement. We determined that DIT’s performance measures under
the Government Performance and Results Act were not significant to our audit
objectives.

Compliance with Laws and Regulations

The following regulations were relevant to our audit objectives:

•  12 Code of Federal Regulations (C.F.R.) Part 366, Minimum Standards of
   Integrity and Fitness for an FDIC Contractor – establishes the minimum
   standards of integrity and fitness that contractors, subcontractors, and employees
   of contractors and subcontractors must meet if they perform any service or
   function on the FDIC’s behalf. Part 366 implements sections 12(f)(3) and (4) of
   the Federal Deposit Insurance Act (12 United States Code sections 1822(f)(3) and
   (4)) regarding contractor conflicts of interest and disapproval.

•  FAR Subchapter G, Contract Management – establishes uniform policies and
   procedures for contract management by all executive agencies, including contract
   management, subcontracting, and quality assurance. We used the FAR as criteria
   because the ISC is a task order awarded under the FEDSIM’s Millennia contract,
   which is based on the FAR.

We assessed the risk of fraud related to the audit objectives in the course of evaluating
audit evidence.

Prior Coverage

We considered the following reports previously issued by the FDIC OIG in planning and
conducting our work:

•  Evaluation Report No. EM-08-002, Information Technology Procurement
   Integrity and Governance, dated March 4, 2008.

•  Evaluation Report No. EM-07-003, Follow-up Work Related to FDIC’s Contract
   Assessment Report, dated May 30, 2007.

•  Audit Report No. 07-004, Interagency Agreement with the General Services
   Administration for the Infrastructure Services Contract, dated
   January 10, 2007.

•  Evaluation Report No. 06-026, FDIC’s Contract Administration, dated
   September 29, 2006.

APPENDIX 2

* This attachment is not included in the report.

* Subsequent to our receipt of the Corporation’s official comments, GSA’s Contracting Officer
Representative (COR) provided a clarification to this sentence on April 10, 2008. Specifically, the COR
commented that the SRA operates under an approved purchasing system, and as such, is required to adhere
to applicable procurement regulations and ensure the best value for the government.
The COR has neither the authority nor the responsibility for SRA’s adherence to
procurement regulations.

APPENDIX 3
MANAGEMENT RESPONSE TO RECOMMENDATIONS

This table presents management’s response to each recommendation in our report and the status
of each recommendation as of the date of report issuance.

Rec.  Corrective Action: Taken or Planned           Expected         Monetary  Resolved:(a)  Open or
No.                                                 Completion Date  Benefits  Yes or No     Closed(b)

1     The ISC Program Manager will work with        May 30, 2008     $0        Yes           Open
      the Infrastructure Project Manager and
      Service Delivery Manager (once on board)
      to delegate some program management
      responsibilities.

2     DIT will finalize a draft policy that updates April 30, 2008   $0        Yes           Open
      and defines the oversight roles of the
      Technical Monitors and Subject Matter
      Experts.

3     DIT has drafted an update to the Award        April 30, 2008   $0        Yes           Open
      Fee Determination Plan that designates all
      Technical Monitors as voting members. In
      addition, a Secretariat and Recorder have
      been assigned. These changes will be
      included in the next contract modification.
      (Also, see actions taken in response to
      recommendation 4.)

4     DIT, in coordination with FEDSIM, has         April 30, 2008   $0        Yes           Open
      reviewed the SLAs and presented proposed
      modifications to SRA. Once final
      recommendations have received
      concurrence from all parties, the changes
      will be submitted to FEDSIM for contract
      modification.

5     DOA has addressed performance-based           May 30, 2008     $0        Yes           Open
      acquisitions in a revised draft of the APM
      and associated procedures and guidance.

6     DOA, in conjunction with the Corporate        March 17, 2008   $0        Yes           Closed
      University, is sponsoring performance-based
      contract management and statement
      of work training in 2008.

7     DOA will accompany GSA on its periodic        May 31, 2008     $0        Yes           Open
      reviews of SRA procurement actions.
      GSA will issue a contract modification
      documenting the review process in the
      SRA Quality Assurance Surveillance Plan.

8     DOA will document its process for             May 31, 2008     $0        Yes           Open
      reviewing ISC procurement actions in a
      memorandum to be issued jointly by DOA
      and DIT.

(a) Resolved –
    (1) Management concurs with the recommendation, and the planned, ongoing, and completed
        corrective action is consistent with the recommendation.
    (2) Management does not concur with the recommendation, but alternative action meets the
        intent of the recommendation.
    (3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount.
        Monetary benefits are considered resolved as long as management provides an amount.

(b) Once the OIG determines that the agreed-upon corrective actions have been completed and are
    responsive to the recommendations, the recommendations can be closed.
"